Linux Discovery-How to extend running processes discovery to capture user id (cmdb_running_process)
10-27-2022 05:59 AM
I'm looking for the best approach on how to extend ServiceNow Linux discovery to capture the user id for active processes - table cmdb_running_process.
My understanding is that running processes are collected the following way:
1) Probe "Unix - Active Processes" runs and collects active processes with the following command:
ps awwxo pid,ppid,command | sed -n '/<defunct>/!p'
2) Sensors store data in cmdb_running_process
-----
To collect User Id that triggered the process, I'd run the command below:
>ps -ef
Results:
UID PID PPID C STIME TTY TIME CMD
_srvuserid 142 141 0 Oct26 pts/2 00:00:00 -bash
root 1 0 0 Oct25 ? 00:00:00 /init
What are the options to store the UID in table cmdb_running_process?
1) Through a Discovery Pattern? Note that cmdb_running_process does not inherit from cmdb_ci, so not a good candidate for Pattern extension? I don't know for sure.
2) Update out-of-the-box ServiceNow's probes and sensors to store this information? Seems like a lot of bits to modify.
3) What other options are there?
Any advice is much appreciated.
10-28-2022 01:52 AM
Hello,
If you go into the pattern which is triggered (prob. Linux Server) and add an extension there + turn on debug mode towards Linux server you have this function "Get Process". It would give you a lot of info:
Here is when I do "Return Processes" on my Linux test machine:
At least you can see the User name here, but when you actually select a row it is not a "User name" field (ref. the first screenshot) but I assume if you add an extra step and store this info in a variable or similar maybe you then can pull out the data somehow and insert it into a field.
Will do some testing myself just out of curiosity and let you know if I find an exact solution 🙂
Have a nice day!
10-28-2022 02:50 AM
Thanks Robin.
I can see it's possible to get the username by extending a pattern, creating a "Parse Command Output" step and running the command below.
>ps -ef
The challenge is what to do with this info next. cmdb_running_process does not inherit from CMDB_CI, so AFAIK I cannot populate it using patterns (without having to resort to post-processing scripts).
Also, this could possibly be achieved by modifying OOTB probes, but it seems like a lot of work and I don't want to modify OOTB probes if at all possible.
Is there another way that I'm missing?
10-28-2022 03:31 AM
Yep that seems to be the issue "what to do with the data next". Anyways think it is weird that "Running Processes" out-of-the-box does not include usernames.
Found this probe, which seems to be the one that runs "Active Processes":
If I run the same command as in the field "ECC queue name" I also get the results without username, so maybe the solution is to alter the command to include usernames, BUT I would believe you must do a lot of other configurations since the field "Username" is not in "Running Processes" related list either so you probably then end up by heavily configuring out-of-the-box stuff.
If you have any ideas I don't mind testing them, this is on my PDI + Virtual Machine so it does not matter if it gets broken!
Anyways an interesting case to find out.
- Robin
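Added example (not part of the thread, and not ServiceNow probe or sensor code): a standalone JavaScript parser for the probe's ps command with a user column added, the idea floated in the post above. It assumes the command is changed to `ps awwxo user,pid,ppid,command`; the function names and the sample output are constructed for illustration.

```javascript
// Constructed sample output of `ps awwxo user,pid,ppid,command`
// (values modelled on the `ps -ef` listing quoted in the thread).
const SAMPLE = [
  'USER         PID  PPID COMMAND',
  'root           1     0 /init',
  '_srvuserid   142   141 -bash',
  'root         200     1 /usr/sbin/sshd -D -o LogLevel=INFO',
  '_srvuserid   310   142 [worker] <defunct>',
  '1001         415     1 python3 /opt/app/run.py --name "a b"',
  'garbage line without numeric ids',
].join('\n');

// Hypothetical helper: returns { processes: [...], rejected: [...] }.
function parsePsWithUser(output) {
  const processes = [];
  const rejected = [];
  for (const line of output.split(/\r?\n/)) {
    if (!line.trim()) continue;
    if (/^\s*USER\s+PID\s+PPID\s+/.test(line)) continue; // header row
    // Mirrors the probe's sed filter in case unfiltered ps output is parsed.
    if (line.includes('<defunct>')) continue;
    // Only the first three columns are whitespace-delimited;
    // the command column keeps its own spaces and quotes.
    const m = /^\s*(\S+)\s+(\d+)\s+(\d+)\s+(.*)$/.exec(line);
    if (!m) { rejected.push(line); continue; }
    const [, user, pid, ppid, command] = m;
    processes.push({
      user,
      // ps can print a numeric ID instead of a name (for example when the
      // UID has no account entry); flag it so it is not stored as a name.
      userIsNumericId: /^\d+$/.test(user),
      pid: Number(pid),
      ppid: Number(ppid),
      command,
    });
  }
  return { processes, rejected };
}

// Group PIDs per owning account, e.g. to review what runs as root.
function pidsByUser(processes) {
  const byUser = new Map();
  for (const p of processes) {
    if (!byUser.has(p.user)) byUser.set(p.user, []);
    byUser.get(p.user).push(p.pid);
  }
  return byUser;
}
```

Lines that do not match the expected column layout are returned in `rejected` rather than dropped, so a changed ps format shows up instead of silently producing records without an owner.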
10-28-2022 04:32 AM
Hi again,
See that what I mentioned is already known. You mentioned it in the start, anyways I wanted to test something and thought I could share.
Created a test field on cmdb_ci_linux_server:
Did modify pattern designer:
The result:
As expected it did only take the first row. At least it is a method of actually pulling some processes and putting them into cmdb_ci_linux_server. If it would pull ALL data, maybe this could be a workaround, but it could quickly look pretty messy I would believe. Rather than the proper table format which cmdb_running_process contains.
When it comes to modifying cmdb_running_process with Username info that probably includes scripting and probes + sensor modifying 😞
- Robin